
Enforce regex in security orchestration schema

What does this MR do and why?

It enforces a regular expression on property names in the security orchestration schema by using patternProperties in the security policy JSON schema, so that keys which do not match the pattern (such as the agent name in the example below) are rejected during validation.

How to set up and validate locally

  1. Switch to the master branch.
  2. On a project, navigate to Security and Compliance -> Policies.
  3. Select New policy.
  4. Select Scan execution policy.
  5. Switch to .yaml mode.
  6. Copy and paste the example policy below.
  7. Select Configure with a merge request.
  8. A merge request should be created without validation errors.
  9. Switch to the 388135-enforce-regular-expressions-in-security-orchestration-schema branch.
  10. Do steps 1 to 7.
  11. It should now fail with "property '/scan_execution_policy/5/rules/0/agents/my agent' is invalid: error_type=schema"
  12. Replace the key my agent with my-agent (removing the whitespace).
  13. Select Configure with a merge request.
  14. A merge request should be created without validation errors.

Example policy

type: scan_execution_policy
name: Kubernetes cluster scan
enabled: true
actions:
- scan: container_scanning
rules:
- type: schedule
  cadence: '0 10 * * *'
  agents:
    my agent:
      namespaces:
      - 'default'
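To show the mechanism this MR relies on, here is an added, stand-alone example (not code from GitLab or from this MR) of how a JSON Schema patternProperties entry with additionalProperties set to false rejects a map key that does not match the pattern. The regex, the schema fragment and the minimal validator are assumptions for illustration; GitLab's real schema and its validator library are not reproduced here. The example policy from this MR is embedded as a Python dict so the block runs offline without a YAML parser, and the reported path is relative to the single policy rather than to the policy file.

```python
import re

# Assumed regex for agent names (follows the common Kubernetes resource-name
# rule). The real pattern is defined in GitLab's security policy JSON schema
# and is not reproduced here.
AGENT_NAME_PATTERN = r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"

# Hypothetical schema fragment for the `agents` map of one scan execution rule.
AGENTS_SCHEMA = {
    "type": "object",
    "patternProperties": {
        AGENT_NAME_PATTERN: {
            "type": "object",
            "properties": {
                "namespaces": {"type": "array", "items": {"type": "string"}}
            },
        }
    },
    # Without this, a key matching none of the patterns would be accepted silently.
    "additionalProperties": False,
}


def validate(instance, schema, path=""):
    """Minimal checker for the keywords used above; returns the paths of invalid
    properties. It handles only `type`, `properties`, `patternProperties`,
    `additionalProperties` and `items`, not the full JSON Schema vocabulary."""
    errors = []
    expected = schema.get("type")
    if expected == "object":
        if not isinstance(instance, dict):
            return [path or "/"]
        props = schema.get("properties", {})
        patterns = schema.get("patternProperties", {})
        for key, value in instance.items():
            child = f"{path}/{key}"
            matched = False
            if key in props:
                matched = True
                errors += validate(value, props[key], child)
            for pattern, sub_schema in patterns.items():
                # patternProperties is an unanchored search; the pattern itself
                # carries ^ and $ so the whole key must conform.
                if re.search(pattern, key):
                    matched = True
                    errors += validate(value, sub_schema, child)
            if not matched and schema.get("additionalProperties", True) is False:
                errors.append(child)
    elif expected == "array":
        if not isinstance(instance, list):
            return [path or "/"]
        item_schema = schema.get("items")
        if item_schema is not None:
            for i, item in enumerate(instance):
                errors += validate(item, item_schema, f"{path}/{i}")
    elif expected == "string":
        if not isinstance(instance, str):
            return [path or "/"]
    return errors


def example_policy(agent_name):
    """The example policy from the MR, as a dict, with a configurable agent key."""
    return {
        "type": "scan_execution_policy",
        "name": "Kubernetes cluster scan",
        "enabled": True,
        "actions": [{"scan": "container_scanning"}],
        "rules": [
            {
                "type": "schedule",
                "cadence": "0 10 * * *",
                "agents": {agent_name: {"namespaces": ["default"]}},
            }
        ],
    }


def agent_errors(policy):
    """Validate the `agents` map of every rule; returns invalid property paths."""
    errors = []
    for i, rule in enumerate(policy.get("rules", [])):
        errors += validate(rule.get("agents", {}), AGENTS_SCHEMA, f"/rules/{i}/agents")
    return errors


if __name__ == "__main__":
    print(agent_errors(example_policy("my agent")))  # ['/rules/0/agents/my agent']
    print(agent_errors(example_policy("my-agent")))  # []
```

The key "my agent" matches no patternProperties entry, so with additionalProperties set to false it is reported as an invalid property, which mirrors the error in step 11; "my-agent" matches and is validated against the nested schema. Note that patternProperties alone is not enough: it is the additionalProperties: false line that turns a non-matching key into an error instead of an unchecked pass-through.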

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #388135 (closed)

Edited by Andy Schoenen
